topic PAN-OS 10.2.9-h9 release notes and CVE-2024-3400 in Next-Generation Firewall Discussions

PAN-OS 10.2.9-h9 release notes and CVE-2024-3400

LeeFrancis2 — Mon, 05 Aug 2024 08:38:06 GMT

The addresses issues listed in the release notes ( 1/8/24) for PAN-OS 10.2.9-h9 state:

PAN-252214 A fix was made to address CVE-2024-3400.

However this was previously stated as fixed in 10.2.9-h1.

Is this 'duplicate reporting' or does this address a new exploit variant / scenario, not yet disclosed ?

I note no change in preferred version page or the security advisory page, however seems important to have clarification around such a serious CVE. Anyone in the community already raised this with PAN Support ?

Re: PAN-OS 10.2.9-h9 release notes and CVE-2024-3400

zahmed01 — Tue, 06 Aug 2024 16:21:53 GMT

Hello,

Since the CVE-2024-3400 was addressed in PANOS 10.2.9-h1, all hotfixes after 10.2.9-h1 will include the fix for the CVE. This means that 10.2.9-h9 also includes the same fix for the CVE issue that was fixed in 10.2.9-h1, but -h9 addressed some other issue that was targeted for that -h9 version. Please reference this list here: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-9-known-and-addressed-issues/pan-os-10-2-9-h9-addressed-issues

Thanks,